Let's be honest: when you put money into an app that isn't your bank, the first question isn't "how much does it earn?". It's "if something goes wrong, where does my money end up?".
It's a fair question. It's the same one we asked ourselves when we started building unflat. That's why we didn't try to reassure you with slogans. We built an architecture where, literally, we are not in a position to lose your funds.
In this article we'll walk you through, layer by layer, how your money is protected when you use unflat. We're not asking you to trust us: we're giving you the tools to verify every single claim you'll read below. If you don't know what unflat is yet, start there and then come back.
What happens to your funds if unflat shuts down tomorrow?
Nothing. They stay yours.
This isn't a marketing line: it's the technical consequence of how the app is built. Your USDC lives in a wallet registered to you, not to unflat. If our company shut down tomorrow, if our website disappeared, if our team stopped existing, your balance wouldn't change by a single cent. All you'd need is any compatible access point to your wallet to keep seeing, moving, and withdrawing your funds.
This is the starting point of unflat's entire security architecture. Everything else we explain below rests on this foundation.
The non-custodial wallet, explained without jargon
"Non-custodial" is a term that gets thrown around a lot in DeFi. Let's translate it into plain English.
In a traditional bank, your money isn't "yours" in the literal sense: it's a claim the bank recognizes toward you. If the bank fails, deposit insurance kicks in up to a certain threshold (in the EU, up to €100,000 per depositor per institution). Above that threshold, you join the line of creditors.
With a non-custodial wallet, the relationship is different. Your wallet is an account on the blockchain, meaning a public, distributed, and verifiable ledger. Only whoever holds the keys to that wallet can move the funds inside it. Those keys are controlled by you, not by unflat.
On unflat, your wallet is a smart account: a more modern version of classic wallets, which lets you log in with email and biometrics instead of a 12- or 24-word recovery phrase. The experience feels like a banking app, but the substance is the opposite: you are the sole owner of your keys.
Privy: a wallet without a seed phrase, explained
To create and manage these smart accounts, we use Privy, one of the most widely used wallet infrastructure providers in the world. Today Privy powers over 120 million accounts for more than 2,000 development teams, and in June 2025 it was acquired by Stripe, one of the most solid names in global financial infrastructure.
The important technical point: how is your private key protected if you don't have to memorize a seed phrase?
Privy doesn't store your key in a single place. The key is fragmented using a technique called key sharding, and the fragments live inside isolated execution environments (TEEs, Trusted Execution Environments) that no one, not even Privy itself, can read in cleartext. To reconstruct the key, your authentication is required (email plus biometrics), and the reconstruction happens inside these protected environments.
In practice: there is no single file, no single server, no single person who can access your wallet alone. Your presence is required, every time. And we at unflat have no way to sign a transaction on your behalf.
Coinbase: the regulated entry point
When you deposit USDC on unflat from fiat, your money passes through Coinbase, one of the most regulated crypto exchanges in the world.
What does this mean in practice? Coinbase has been listed on NASDAQ since 2021, is subject to US financial authorities (SEC, FinCEN), and runs bank-grade AML and KYC compliance programs. In Europe, it obtained a license from the Luxembourg CSSF under MiCA, the new European regulatory regime for crypto services, which allows it to serve all 27 EU member states through the passporting mechanism.
For you, this means two things. First: the entry point of your funds into the ecosystem goes through an authorized, supervised entity that complies with European rules. Second: you get serious KYC onboarding, which reduces the risk of mixing your money with flows of dubious origin. It's the opposite of the "wild west" image many people still associate with crypto.
Morpho Protocol: where your money actually works
By now, a legitimate question: okay, my USDC is in my wallet. But how does unflat make it earn up to 7% APY?
Your USDC is deposited into vaults on Morpho Protocol, an overcollateralized DeFi lending protocol. "Overcollateralized" means that anyone borrowing on Morpho must deposit more collateral than the amount they're borrowing. If the collateral value drops below a threshold, the position is automatically liquidated by the smart contracts to repay the lenders. The lenders are us, meaning you.
Some numbers to give a sense of scale. At the time of writing, Morpho manages over $10 billion in deposits and around $6.6 billion in TVL. Its smart contracts have been formally verified by Certora and audited by leading DeFi security firms (including Trail of Bits, ChainSecurity, Spearbit). The contracts are immutable: no one, not even the Morpho team, can modify them after deployment. Every lending market is isolated: a problem in one vault doesn't spread to the others.
To date, zero exploits. This isn't a way of promising things will always go this way in the future. It's a verifiable fact, published on-chain, that you can check whenever you want.
Continuous monitoring and rebalancing
DeFi doesn't stand still. Markets shift, risk conditions evolve, interest curves move. That's why we don't just "park" your funds in a vault and hope for the best.
We use on-chain monitoring tools that track the health of the vaults your USDC is allocated to: vault utilization, collateral concentration, curator risk parameters, stress signals. If a vault shows abnormal indicators, funds are rebalanced toward more solid allocations, without requiring any action from you.
It's the same logic an institutional manager applies to a money market portfolio, with one difference: here everything happens on-chain, verifiably. You can see every move.
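As an added illustration (not unflat's monitoring code), here is how two of the indicators named above, vault utilization and collateral concentration, can be computed and checked. The thresholds, field names and vault snapshots are assumptions constructed for the example.

```python
from dataclasses import dataclass

# Hypothetical alert thresholds, chosen for illustration only.
MAX_UTILIZATION = 0.95       # borrowed / supplied in a single market
MAX_COLLATERAL_SHARE = 0.60  # share of a vault's funds backed by one collateral

@dataclass
class Market:
    collateral: str    # collateral asset symbol
    supplied: float    # USDC supplied to the market by all lenders
    borrowed: float    # USDC currently borrowed from the market
    allocation: float  # USDC this vault has allocated to the market

def utilization(m: Market) -> float:
    """Share of supplied liquidity that is lent out; near 1.0, withdrawals stall."""
    return m.borrowed / m.supplied if m.supplied > 0 else 0.0

def collateral_shares(markets: list[Market]) -> dict[str, float]:
    """Fraction of the vault's allocation exposed to each collateral asset."""
    total = sum(m.allocation for m in markets)
    shares: dict[str, float] = {}
    for m in markets:
        if total > 0:
            shares[m.collateral] = shares.get(m.collateral, 0.0) + m.allocation / total
    return shares

def check_vault(name: str, markets: list[Market]) -> list[str]:
    """Return one alert per abnormal indicator; an empty list means healthy."""
    alerts = []
    for m in markets:
        if m.allocation > 0 and utilization(m) > MAX_UTILIZATION:
            alerts.append(f"{name}: {m.collateral} market utilization {utilization(m):.0%}")
    for asset, share in collateral_shares(markets).items():
        if share > MAX_COLLATERAL_SHARE:
            alerts.append(f"{name}: {share:.0%} of allocation backed by {asset}")
    return alerts

# Constructed snapshots, not real vault data.
VAULTS = {
    "vault-A": [Market("WETH", 1000, 700, 400), Market("WBTC", 800, 500, 350),
                Market("wstETH", 600, 300, 250)],
    "vault-B": [Market("WETH", 500, 490, 300), Market("WETH", 900, 600, 500),
                Market("WBTC", 400, 200, 200)],
}

def scan(vaults=VAULTS) -> dict[str, list[str]]:
    """Run every check over every vault snapshot."""
    return {name: check_vault(name, mk) for name, mk in vaults.items()}
```

A vault with a non-empty alert list is the kind of candidate the text describes for rebalancing; the rebalancing step itself is not modelled here.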
What unflat is NOT (and it's important you know)
This section isn't written to scare you. It's written to respect you.
unflat is not a bank. Your deposits are not covered by the FITD (Italy's deposit guarantee fund) or by equivalent public guarantees elsewhere. We are not custodians of your funds: this is a security advantage for you, but it means that ultimate responsibility for your wallet stays with you.
Yields, "up to 7% APY", are variable and depend on market conditions. They are not guaranteed and can go down. Despite overcollateralization and audits, DeFi carries risks: smart contract bugs, stablecoin de-peg risk, oracle risk, systemic risk in extreme scenarios.
The rule we always repeat: never deposit money you cannot afford to lose. This is not defensive marketing, it's the truth we want you to carry with you every time you open the app.
How to verify everything on your own
Our most important claim is this: please don't trust us, verify what we're telling you. To make it concrete, here's what you can check without asking us anything.
- Your funds: open a block explorer (Etherscan or Basescan, depending on the chain), paste your wallet address, and see your balances and the history of every transaction in real time.
- Morpho: the risk page in the Morpho documentation and the TVL data on DefiLlama are public. No mediation, no filter from us.
- Privy: the architecture is described in their technical documentation. You can read how key sharding and TEEs work without going through us.
- Coinbase: the NASDAQ listing prospectus (ticker COIN) and the MiCA license are public documents, available on the respective registers.
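The first check can also be done without any website, by asking a blockchain node directly. The following added example (not code from unflat) builds the standard JSON-RPC `eth_call` request for an ERC-20 `balanceOf` query and decodes the reply into USDC units; the token address, wallet address and node reply are constructed placeholders, and sending the request to a node of your choice is left to you.

```python
import json
import string

BALANCE_OF_SELECTOR = "70a08231"  # first 4 bytes of keccak256("balanceOf(address)")
USDC_DECIMALS = 6                 # USDC amounts carry 6 decimal places

def _check_address(addr: str) -> str:
    """Return the 40 hex digits of an address, rejecting malformed input."""
    body = addr[2:] if addr.lower().startswith("0x") else addr
    if len(body) != 40 or any(c not in string.hexdigits for c in body):
        raise ValueError(f"address must be 20 hex-encoded bytes: {addr!r}")
    return body.lower()

def build_balance_request(token: str, holder: str, req_id: int = 1) -> dict:
    """JSON-RPC eth_call asking the token contract for balanceOf(holder)."""
    # ABI encoding: 4-byte selector, then the address left-padded to 32 bytes.
    calldata = "0x" + BALANCE_OF_SELECTOR + _check_address(holder).rjust(64, "0")
    return {
        "jsonrpc": "2.0",
        "id": req_id,
        "method": "eth_call",
        "params": [{"to": "0x" + _check_address(token), "data": calldata}, "latest"],
    }

def decode_balance(response: dict, decimals: int = USDC_DECIMALS) -> str:
    """Turn the node's reply into a decimal string without float rounding."""
    if "error" in response:
        raise RuntimeError(f"node returned an error: {response['error']}")
    raw = response["result"]
    if not raw.startswith("0x") or len(raw) != 66:
        raise ValueError("expected exactly one 32-byte ABI word")
    whole, frac = divmod(int(raw, 16), 10 ** decimals)
    return f"{whole}.{frac:0{decimals}d}"

# Constructed sample values (placeholders, not real accounts or contracts).
TOKEN = "0x" + "11" * 20
WALLET = "0x" + "ab" * 20
SAMPLE_REPLY = {"jsonrpc": "2.0", "id": 1,
                "result": "0x" + format(1_250_500_000, "064x")}

if __name__ == "__main__":
    print(json.dumps(build_balance_request(TOKEN, WALLET), indent=2))
    print("balance:", decode_balance(SAMPLE_REPLY), "USDC")
```

Replace the placeholders with the USDC contract address for your chain and your own wallet address; the decoded figure should match what the block explorer shows.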
If you want to go deeper into unflat's technical architecture, you'll find everything in our official documentation on GitBook.
Conclusion
Security, in decentralized finance, isn't a badge slapped on a landing page. It's an architecture of choices: who custodies the keys, how the user authenticates, which regulated partners handle the on-ramp, which protocol puts the funds to work, what happens when something goes wrong.
On unflat, we made choices you can check one by one: non-custodial wallet, Privy for authentication, Coinbase with a MiCA license for the regulated entry point, Morpho for overcollateralized lending, continuous on-chain monitoring.
We're not asking you to trust us. We're asking you to verify. Then, if you're convinced, start putting your savings to work.